AMENDMENTS TO THE CLAIMS 

1 . (Currently Amended) A system for detecting and deterring rollback attacks, comprising: 
a variable time period (VTP); 

a time duration to a next connection (TDNC); 
an access log; 

a server to transmit the variable time period (VTP) and the time duration to the next 
connection (TDNC) and to verify the access log; and 

a client to forcibly update the access log approximat e ly during every variable time period 
(VTP) regardless of whether data is accessed on the client the client additionally a nd to connect 
to the server approximat e ly after the time duration to the next connection (TDNC). 

2. (Original) The system as recited in claim 1 , wherein the client is a personal computer 
(PC). 

3. (Original) The system as recited in claim 1, wherein the client is a set-top box, 

4. (Original) The system as recited in claim 1 3 wherein the server is a video home server. 

5. (Original) The system as recited in claim 1, wherein the server is a pay-per-view video 
server. 

6. (Original) The system as recited in claim 1, wherein the server is a video-on-demand 
server. 

7. (Original) The system as recited in claim 1, wherein the server is a media content 
provider. 

8. (Original) The system as recited in claim 1, wherein the next connection is a Secure 
Authenticated Channel (SAC). 

9. (Original) The system as recited in claim 1, wherein the access log is used for billing. 

10. (Currently Amended) A method for detecting and deterring rollback attacks, comprising: 
establishing a shared secret between a client and a server; 
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transmitting, by the server to the client, a variable time period (VTP) and a time duration 
to a next connection (TDNC); 

forcibly updating, by the client, an access log approximat e ly during every variable time 
period (VTP) regardless of whether data is accessed on the client ; 

initiating, by the client to the server, a connection approximat e ly after the time duration 
to the next connection (TDNC); 

transmitting, by the client to the server, the access log; and 

verifying, by the server, the access log. 

11. (Original) The method as recited in claim 10, further comprising: 

establishing a new shared secret between the client and the server each time the client 
connects to the server. 

12. (Original) The method as recited in claim 10, further comprising: 
establishing a new variable time period (VTP) and a new time duration to a next 

connection (TDNC) each time the client connects to the server. 

13. (Original) The method as recited in claim 10, further comprising: 
incrementing, by the client, a counter, after each update to the access log. 

14. (Original) The method as recited in claim 10, further comprising: 
automatically detecting an anomaly. 

15. (Original) The method as recited in claim 14, further comprising: 
decreasing the variable time period (VTP), upon detecting an anomaly. 

16. (Original) The method as recited in claim 14, further comprising: 

decreasing the time duration to a next connection (TDNC), upon detecting an anomaly. 

17. (Original) The method as recited in claim 10, further comprising: 
encrypting the access log. 

18. (Original) The method as recited in claim 10, wherein each entry in the access log is 
encrypted. 
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19. (Original) The method as recited in claim 10, wherein the access log is re-created, each 
time the client connects to the server. 

20. (Currently Amended) A machine for detecting and deterring rollback attacks, 
comprising: 

a processor; 

a storage device coupled to the processor; 

a background component storable on the storage device and executable on the processor 
to forcibly update an access log approximat e ly during every variable time period 
fVTP) regardless of whether content is accessed from the storage device ; and 

a content player component storable on the storage device and executable on the 
processor to update the access log when the content is accessed provid e d . 

21. (Original) The machine recited in claim 20, wherein the background component is 
capable of encrypting the access log. 

22. (Original) The machine recited in claim 20, wherein the background component is 
capable of encrypting each update to the access log. 

23. (Original) The machine recited in claim 20, further comprising: 

a communication component capable of connecting to a server approximately after a time 
duration to a next connection (TDNC). 

24. (Original) The machine recited in claim 23, wherein the communication component is 
capable of transmitting the access log. 

25. (Original) The machine recited in claim 23, wherein the communication component is 
capable of receiving a new variable time period (VTP) and a new time duration to the next 
connection (TDNC). 

26. (Original) The machine recited in claim 20, wherein the communication component is 
capable of receiving a new access log. 

27. (Original) The machine recited in claim 26, wherein the background component is 
capable of decrypting the new access log. 
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28. (Currently Amended) A machine-accessible medium having associated content capable 
of directing the machine to perform a method of detecting and deterring rollback attacks, the 
method comprising: 

initiating, by a client a connection with a server; 
transmitting, bv the client the old access log to the server; 
receiving, by the server, the old access log; 
inspecting, bv the server, the old access log; 
transmitting, by a server, a new access log; and 

transmitting, by the server, a new variable time period (VTP) and a new time duration to 

the next connection (TDNC); 
receiving, bv the client, the new access log; 
receiving, bv the client, the new VTP and the new TDNC; 
storing, bv the client the new access log, the new VTP, and the new TDNC; and 
forcibly updating, bv a client, the new access log during every new VTP. 

29. (Canceled) Please cancel Claim 29 without prejudice. 

30. (Original) The machine-accessible medium as recited in claim 28, wherein the method 
further comprises: 

establishing, by the server, a shared secret with a client; 
decrypting, by the server, the access log; 
encrypting, by the server, the new access log; and 

encrypting, by the server, the new variable time period (VTP) and the new time duration 
to the next connection (TDNC). 

3 1 . (Canceled) Please cancel Claim 3 1 without prejudice. 

32. (Original) The machine-accessible medium as recited in claim 28, wherein the method 
further comprises: 

establishing, by a client, a shared secret with the server; 
encrypting, by the client, the access log; 
decrypting, by the client, the new access log; and 
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decrypting, by the client, the new variable time period (VTP) and the new time duration 
to the next connection (TDNC). 

33. (Canceled) Please cancel Claim 33 without prejudice. 
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